Page 1
This guide will show how to configure a Windows 2000/XP machine to make an IPsec VPN Tunnel connection to a DI-804HV. Below is the example network that this document is based Technical Requirement: Customer is required to understand their network and Windows 2000/XP well for this configuration.
Page 2
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 2 DI-804HV Configuration 1. Type in the IP address of the DI-804HV in the address bar of the browser. Log-in using the default username and password. 2. Click on VPN on the left- hand side menu.
Page 3
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 3 4. Under ID #1, enter the name ‘3DES-MD5’, DH- Group = Group2, Encrypt algorithm = 3DES, Auth algorithm = MD5, Life Time = 28800, Life Time Unit = Sec. Set the Proposal ID at the bottom to #1 and then click on the ‘Add to’...
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 4 Windows 2000/XP Configuration 1. Go into Start the type in MMC to bring up the Console. 2. Click on Console then Click on Add/Remove Snap In. In Windows XP,...
Page 5
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 5 5. Select ‘Local computer’ and then click on Finish. 6. Click on ‘Close’ on the Add Standalone Snap-in window. 7. Click on OK in the ‘Add/Remove Snap-in’.
Page 6
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 6 8. Right-Click on IP Security Policies on Local Machine. Select ‘Create IP Security Policy’. 9. The wizard should then come up. Click ‘Next’ to continue. 10. Enter the name for the Policy as well as the description.
Page 7
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 7 11. Uncheck ‘Activate the default response rule’. Click ‘Next’. 12. Click on ‘Finish’. 13. The Properties window for the newly created policy should then come up. Click on ‘Add’.
Page 8
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 8 14. Click on ‘Add’ under IP Filter List. 15. Enter the name and the description for the New IP Filter List. Uncheck the ‘Use Add Wizard’. Click on ‘Add’.
Page 9
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 9 17. Click ‘Close’. 18. Select the newly created IP Filter. 19. Click on the ‘Filter Action’ Tab. Select ‘Require Security’. Click on ‘Edit’.
Page 10
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 10 20. Move the 3DES/MD5 security method to the top. Check the ‘Session key Perfect Forward Secrecy’. Click ‘OK’. 21. Click on ‘Connection Type’ Tab. Select ‘All network connections’. 22. Click on ‘Tunnel Setting’...
Page 11
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 11 23. Click on ‘Authentication Methods’ Tab. Click on ‘Kerberos’ and then Click on ‘Edit’. 24. Select ‘Use this string to protect the key exchange (preshared key)’. Type in the Preshared key. Click ‘OK’.
Page 12
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 12 26. Select the newly created rule. Click on ‘Add’. 27. Click on ‘Add’ under IP Filter List. 28. Enter the name and the description for the New IP Filter List. Uncheck the ‘Use Add Wizard’.
Page 13
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 13 29. Select ‘My IP Address’ for the ‘Source address’. Uncheck the ‘Mirrored….’ Option at the bottom of the screen. Select ‘A specific IP subnet’ for the ‘Destination address’ and enter the Internal LAN range on the DI-804V side.
Page 14
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 14 32. Click on the ‘Filter Action’ Tab. Select ‘Require Security’. You don’t need to click on Edit. 33. Click on ‘Connection Type’ Tab. Select ‘All network connections’. 34. Click on ‘Tunnel Setting’...
Page 15
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 15 35. Click on ‘Authentication Methods’ Tab. Click on ‘Kerberos’ and then Click on ‘Edit’. 36. Select ‘Use this string to protect the key exchange (preshared key)’. Type in the Preshared key. Click ‘OK’.
Page 16
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 16 38. Select the newly created rule ‘Right (Single User)….’. Click ‘Close’. 39. Click on the General Tab and then the ‘Advanced’ Button. 40. Check the ‘Master key Perfect Forward Secrecy’.
Page 17
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 17 41. Move the IKE/3DES/MD5 to the top. Click ‘OK’. 42. Click ‘OK’. 43. Click ‘Close’. 44. Right-click on the new policy and select ‘Assign’ to activate the policy.
Page 18
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 18 45. You can then ping an Internal LAN IP address on the DI-804HV side (i.e. 192.168.0.4 in this example) in the DOS prompt. It will then start Negotiating IP security and eventually you will get a reply.
Page 19
DI-804HV with Windows 2000/XP IPsec VPN Client Configuration Guide Page 19 48. In Windows XP, you can monitor the IPsec tunnel by adding the IP Security Monitor Snap/IP. You can do this by going into File Add/Remove Snap-In Click Add Select IP Security Monitor.